search

ThePorgs / Exegol-images

Docker images of the Exegol project
https://exegol.readthedocs.io/
GNU General Public License v3.0
87 stars 67 forks source link

Tool ysoserialnet #326

Closed lap1nou closed 5 months ago

lap1nou commented 5 months ago

Description

This PR aims to provide a new tool called Ysoserial.NET (https://github.com/pwntester/ysoserial.net), this tool is similar to ysoserial but for generating .NET payload. This was made in order to avoid spawning a Windows VM just to use this tool.

Install instructions come from: https://github.com/pwntester/ysoserial.net/issues/9#issuecomment-790819759 so thanks to this user.

Related issues

N / A

Point of attention

The tool use wine as it is a Windows compiled EXE and also the i386 architecture need to be added for Wine to function properly.

ShutdownRepo commented 5 months ago

Hmm interesting, thank you for the PR I wondering though... what's the impact on the size of the image? I'm wondering if the addition of wine and i386 is not too heavy

lap1nou commented 5 months ago

Hello @ShutdownRepo,

That's a valid concern indeed, I'm not entirely sure but I think it only increase of around 200 MB compared to a normal web image: image

However the size of the .wine folder is 1.3 GB, the total image size is around: 25.4 GB.

That's indeed quite a lot of space for just one tool, could we only ship it on the full image maybe ?

QU35T-code commented 5 months ago

This proposal is under consideration (because of wine). However, we understand the need for this tool.

QU35T-code commented 5 months ago

Hey @lap1nou,

After review with the core team, because of wine, we won't be adding this tool to exegol images. However, maybe you can add this installation to the resources. We'll keep the problem in mind so we can propose an alternative in the future.

Thank you for this proposal

ShutdownRepo commented 5 months ago

Hey @lap1nou,

After review with the core team, because of wine, we won't be adding this tool to exegol images. However, maybe you can add this installation to the resources. We'll keep the problem in mind so we can propose an alternative in the future.

Thank you for this proposal

I'm not even sure it would fit the exegol-resources though, since it's meant to be executed on the attacker host and not on some target. The best would probably be to prepare a pre-set function for my-resources that users could choose to toggle on if they want the tool 🤷